ShapeShifter499

iptables

Jun 8th, 2013
  1. ###****BEGIN IPTABLES HOSTAPD FIREWALL****###
  2. # Ensure subnets do not match
  3. ifconfig dns0 up 172.16.0.1 netmask 255.255.255.254
  4. ifconfig dns1 up 172.16.2.1 netmask 255.255.255.252
  5. ifconfig wlan0 up 10.0.0.2 netmask 255.255.255.0
  6. # Clearing old iptables settings
  7. iptables --flush
  8. iptables --table nat --flush
  9. iptables --delete-chain
  10. iptables --table nat --delete-chain
  11. # Reqired iptables rule for eth0 masquerading (enable only if not using a vpn)
  12. iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
  13. # Allowing wireless traffic (enable only if not using a vpn)
  14. iptables --append FORWARD --in-interface wlan0 --out-interface eth0 -j ACCEPT
  15. # Allowing iodine (ip-over-dns) traffic (enable only if not using a vpn)
  16. iptables -t filter -A FORWARD -i eth0 -o dns+ -m state --state RELATED,ESTABLISHED -j ACCEPT
  17. iptables -t filter -A FORWARD -i dns+ -o eth0 -j ACCEPT
  18.  
  19. ###****BEGIN IPTABLES EMAIL FIREWALL****###
  20. #iptables -P INPUT DROP
  21. #iptables -P FORWARD DROP
  22. #iptables -P OUTPUT ACCEPT
  23. ## Fine tune what traffic we want
  24. # Keep state.
  25. iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  26. # Loop device.
  27. iptables -A INPUT -i lo -j ACCEPT
  28. # http, https
  29. iptables -A INPUT -p tcp --dport 80 -j ACCEPT
  30. iptables -A INPUT -p tcp --dport 443 -j ACCEPT
  31. # smtp, submission
  32. iptables -A INPUT -p tcp --dport 25 -j ACCEPT
  33. iptables -A INPUT -p tcp --dport 587 -j ACCEPT
  34. # pop3, pop3s
  35. iptables -A INPUT -p tcp --dport 110 -j ACCEPT
  36. iptables -A INPUT -p tcp --dport 995 -j ACCEPT
  37. # imap, imaps
  38. iptables -A INPUT -p tcp --dport 143 -j ACCEPT
  39. iptables -A INPUT -p tcp --dport 993 -j ACCEPT
  40. # ssh
  41. iptables -A INPUT -p tcp --dport 22 -j ACCEPT
  42. # Allow PING from remote hosts.
  43. iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
  44. # ejabberd
  45. #iptables -A INPUT -p tcp --dport 5222 -j ACCEPT
  46. #iptables -A INPUT -p tcp --dport 5223 -j ACCEPT
  47. #iptables -A INPUT -p tcp --dport 5280 -j ACCEPT
  48. # ldap/ldaps
  49. #iptables -A INPUT -p tcp --dport 389 -j ACCEPT
  50. #iptables -A INPUT -p tcp --dport 636 -j ACCEPT
  51. # ftp.
  52. #iptables -A INPUT -p tcp --dport 20 -j ACCEPT
  53. #iptables -A INPUT -p tcp --dport 21 -j ACCEPT